PhD Seminar, 23 November 2004
Per Trygve Myhrer

2. Overview
- Methods that can be used to identify hazards early in the development process
- Methods to achieve traceability, and Intent Specification

3. Finding hazards early
It is important to:
- Identify hazards
- Be able to insert barriers or preventive actions early
- We do not want a lot of analyses that are useless after changes and give a false sense of security

4. Finding hazards early II
In the BUCS project we have tried out several methods for identifying hazards:
- PHA on the system concept
- PHA on high-level requirements
- PHA to find deviations from the happy scenarios
- Use of the KJ process with focus on hazards

5. Preliminary Hazard Analysis
- Brainstorming, structured by a PHA table and the system concept: what can go wrong?
- The results depend on the participants' experience and knowledge
- PHA will work best if the members of the analysis have experience with the system that is going to be made

6. PHA on system concept
Subject: Connection to the central database

Danger: No connection / no data received
  Causes: The central database is down
  Effects: Then we will have trouble with:
    - No registered users
    - No user updates
    - The users cannot log in
  Barriers / actions: We shall regularly / continuously poll the central database. If it fails, one of our alarms shall be activated, and the administrators will get an SMS or an e-mail.

Danger: Wrong data received
  Causes:
    - Our SQL query is wrong
    - Central database error
    - The central database interface has changed, and we have not updated our query
  Effects:
    - Wrong user updates
    - Wrong registered users
  Barriers / actions:
    - We have to notify the central database administrators that we are depending on their database
    - We have to change our query
    - It is hard to define a barrier here; we have to depend on feedback from our users

7. PHA on high-level requirements
Requirement: User registration
  Incident | Consequence
  Not registered | Cannot use the system
  Registered multiple times | Several IDs can result in missing exercise deliveries
  Forgotten password / user ID | Cannot access the system
  User disappears in the system | Cannot use the system; information gets lost
  Wrong info | Cannot access the system; wrong information; missing feedback; registered multiple times

8. Happy Scenarios
Scenario ID: "User logon"
Scenario precondition: The student chooses the course he or she wants to take from a list on the university's web pages. The student logs in as a student and types in (when prompted) username and password.

Table columns on the slide: Function, Incident, Consequence, Severity (L / M / H).
  Incident | Consequence | Severity
  Wrong UID / password | No access | L
  UID/password not recognised | No access; annoyance; re-registration of user | M
  Inconsistency between web and "student system" | Rejected | M
  Course full | Rejected | L
  Login as wrong person | Destroyed information; security problem | H
  Not yet opened course (no available information) | Can miss out on taking the course if the user waits too long to register (this may be an organisational issue) | L

Scenario postcondition: When the student has successfully logged in, he or she can read the latest news, will be able to download the files that have been published by the teacher, and can join and participate in the discussion group on the course newsgroup.
9. The KJ process
Notice board content (Notis board innhold):
- The new item is not in the notice board
- Info does not appear on the web page
- Info is wrong or unreadable
- Element is not added to the notice board
- News item is dated incorrectly (not part of scenario)
- The text is not the same as the teacher wrote in
- Students cannot see the new news item on the notice board
- Cannot update the notice board
- Cannot change / remove a notice
Attachments (Vedlegg):
- Cannot read the attachment
- Cannot add an attachment
- News item attachments are missing (links missing or dead links)
- Attachment with virus
Performance (Ytelse):
- The system hangs
- The page is updated late, and the student sends the same info once more => double post
Menu choice (Menyvalg):
- Teacher is not able to select "add element to notice board" from the menu
- Students are able to add items to the notice board without having the proper access privileges
- The menu choice leads to a wrong address
- Does not return to the start afterwards
- Nothing happens when the menu item is chosen

10. Safety when using Agile methods
- Agile methods use stories for requirements
- We add the hazard stories
Diagram elements: Hazard Story, Stories, Development, Refactoring

11. The methods
- None of the methods will find hazards that none of the members have experienced or thought might happen
- We need more experience, and this can be done by building and using an experience database

12. Traceability
Traceability is important because it:
- Makes it possible to get an overview of the system and helps people easily find the reasons for decisions when developing software
- Links hazards to the proposed barriers and actions identified
- Will help us to document our decisions

13. Why Intent Specification?
Intent Specification will allow us to:
- Explain the reasons for decisions
- Show the consequences of decisions
In order to justify our decisions we can use:
- Expert judgment
- Experiences
- "What if?" analysis

14. Intent Specification
- Intent Specification has hyperlinks that link the parts of documentation and code that influence each other
- Links from requirements through the documentation and down to the code
- Decisions on how to comply with a safety requirement, and links to the code where it is done

15. Example of Intent Specification
- Before start of development: History of previous systems
- High level requirements
- PHA
- Requirements
- Architecture
- Hazop
- CCA
- Requirements for components
- Code
- System is finished: User guides

16. SpecTRM
SpecTRM is a tool that can be used to realize Intent Specification. The tool is:
- Made to be used to develop safety-critical software systems, and supports the use of Intent Specification
- Adaptable, and can also be used for a system that is not safety critical

17. Discussion
- Challenges with traceability: traceability both ways will add more work to maintain. Is it enough to have traceability only bottom-up?
- PHA on the happy scenarios is probably the best method
- Are Agile Methods useful for business-critical systems?
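The PHA table on slide 6 and the traceability and Intent Specification slides (12 to 14) describe linking each hazard to its barriers, the requirement that justifies them, and the code where they are implemented; the discussion on slide 17 asks whether bottom-up traceability alone is enough. The following added example (not code from the BUCS project or from SpecTRM) models the two dangers of the slide-6 table as a small register and checks it in both directions; the hazard and barrier ids, the requirement ids and the file path are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Hazard:                 # one row of the PHA table (slide 6)
    hid: str
    danger: str
    barriers: list            # ids of the barriers / actions for this danger

@dataclass
class Barrier:                # Intent Specification link: hazard -> requirement -> code
    bid: str
    action: str
    requirement: str = ""     # requirement that justifies the barrier ("" = none yet)
    code: list = field(default_factory=list)  # code units implementing it

# Constructed register of the two slide-6 dangers; ids, requirement names and path are assumed.
HAZARDS = [
    Hazard("H1", "No connection / no data received", ["B1"]),
    Hazard("H2", "Wrong data received", ["B2", "B3"]),
]
BARRIERS = {
    "B1": Barrier("B1", "Poll the central database; alarm and SMS/e-mail on failure",
                  requirement="REQ-DB-01", code=["monitor/dbpoll.py"]),
    "B2": Barrier("B2", "Notify the central database administrators of our dependency",
                  requirement="REQ-DB-02"),   # organisational barrier: no code
    "B3": Barrier("B3", "Change our query when the interface changes"),  # not traced
}

def trace_gaps(hazards, barriers):
    """Top-down check: every hazard needs a known barrier, every barrier a requirement."""
    gaps = []
    for h in hazards:
        if not h.barriers:
            gaps.append(f"{h.hid}: no barrier")
        for bid in h.barriers:
            if bid not in barriers:
                gaps.append(f"{h.hid}: unknown barrier {bid}")
            elif not barriers[bid].requirement:
                gaps.append(f"{bid}: no requirement link")
    return gaps

def code_to_hazards(hazards, barriers):
    """Bottom-up view: for each code unit, the hazards it helps control."""
    index = {}
    for h in hazards:
        for bid in h.barriers:
            for unit in (barriers[bid].code if bid in barriers else []):
                index.setdefault(unit, []).append(h.hid)
    return index
```

On this register the top-down check reports only B3, which has no requirement link; the bottom-up index from code never shows that gap because no code is linked to B3 at all, which is the point of the slide-17 question.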